
Configuring your DNS for IM filtering
If you want to use your Symantec Mail Security Appliance to filter IM traffic, two
differently configured types of DNS servers are required:
■ DNS accessed by internal hosts that routes internal IM traffic to a Scanner for
  filtering
■ DNS accessed by Scanners that routes outgoing IM traffic to public IM networks
  on the Internet
Changes to your firewall are also required for IM filtering.
See “Configuring your firewall for connections to public IM network servers”
on page 24.
Configuring DNS to route internal IM traffic to a Scanner
Your organization most likely has an internal DNS configured to direct your IM
client traffic directly to the Internet. If you want to use your Symantec Mail
Security Appliance to filter IM traffic, you must reconfigure your DNS to direct
your IM client traffic to your IM-filtering Scanner instead. You can do this by
either reconfiguring the existing forward lookup zones or creating new ones in
your DNS records for each public IM network that your organization uses, and
then assigning the IM-filtering Scanner's IP address as its host.
Table 3-1 lists the host names of each public IM network for which you must
create a forward lookup zone.
Configuring DNS to route outgoing IM traffic to public IM networks
After filtering your IM messages, the Scanner directs your IM clients to their
public IM network servers. It does this by using an additional DNS that you specify
when you install Symantec Mail Security Appliance. This DNS can be one or both
of the following:
■ Internet Root DNS
  This is a DNS that resides on the Internet. If you use this DNS, you must allow
  a connection from your firewall to the Internet over port 53.
■ An internal corporate DNS
  This is a DNS that resides within your corporate network, and is able to resolve
  the server names of the public IM networks that you use.
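The two DNS configurations described in the sections above can be checked against each other once the answers from each resolver have been collected. The following Python check is an added example, not part of the Symantec guide. The host names, addresses and the audit function are constructed placeholders; the real host names are the ones listed in Table 3-1.

```python
# Added example: audit of the two DNS views described above.
# Host names and addresses are constructed placeholders, not Table 3-1 values.
import ipaddress

SCANNER_IP = "192.0.2.10"  # assumed address of the IM-filtering Scanner

# Constructed answers as each resolver would return them (host -> A records).
INTERNAL_VIEW = {
    "login.im-a.example": ["192.0.2.10"],
    "msg.im-b.example": ["198.51.100.7"],   # still points at the Internet
    "chat.im-c.example": [],                # no forward lookup zone yet
}
SCANNER_VIEW = {
    "login.im-a.example": ["203.0.113.20"],
    "msg.im-b.example": ["198.51.100.7"],
    "chat.im-c.example": ["192.0.2.10"],    # points back at the Scanner
}


def audit(internal_view, scanner_view, scanner_ip):
    """Return {host: [findings]} for hosts whose DNS answers break the split."""
    scanner = ipaddress.ip_address(scanner_ip)
    findings = {}
    for host in sorted(set(internal_view) | set(scanner_view)):
        issues = []
        inside = {ipaddress.ip_address(a) for a in internal_view.get(host, [])}
        outside = {ipaddress.ip_address(a) for a in scanner_view.get(host, [])}
        # Internal clients must be sent to the Scanner and nowhere else.
        if not inside:
            issues.append("internal: no answer")
        elif inside != {scanner}:
            issues.append("internal: bypasses Scanner")
        # The Scanner must reach the public IM servers, not itself.
        if not outside:
            issues.append("scanner: no answer")
        elif scanner in outside:
            issues.append("scanner: resolves to Scanner")
        if issues:
            findings[host] = issues
    return findings


if __name__ == "__main__":
    for host, issues in audit(INTERNAL_VIEW, SCANNER_VIEW, SCANNER_IP).items():
        print(host, "->", "; ".join(issues))
```

A host with no findings is sent to the Scanner by the internal DNS and to a public address by the DNS that the Scanner uses.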
Setting up the Symantec Mail Security Appliance
Before you set up your appliance